mirrors
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add optional null cipher support for RSA

This commit is contained in:
John Safranek 2012-10-19 20:52:22 -07:00
parent a5d7a3ea8f
commit a92b639155
6 changed files with 139 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cyassl/internal.h
View File

@ -160,8 +160,12 @@ void c32to24(word32 in, word24 out);
#endif
#endif
#if !defined(NO_TLS) && !defined(NO_PSK) && defined(HAVE_NULL_CIPHER)
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
#define BUILD_TLS_RSA_WITH_NULL_SHA
#define BUILD_TLS_RSA_WITH_NULL_SHA256
#if !defined(NO_PSK)
#define BUILD_TLS_PSK_WITH_NULL_SHA
#endif
#endif
#if !defined(NO_HC128) && !defined(NO_TLS)
@ -269,6 +273,7 @@ enum {
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
TLS_RSA_WITH_NULL_SHA = 0x02,
TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
TLS_PSK_WITH_NULL_SHA = 0x2c,
@ -312,6 +317,7 @@ enum {
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
TLS_RSA_WITH_NULL_SHA256 = 0x3b,
/* AES-GCM */
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,

36
src/internal.c
View File

@ -828,6 +828,20 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
}
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
}
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
if (tls && haveRSA) {
suites->suites[idx++] = 0;
suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
}
#endif
#ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
if (tls && havePSK) {
suites->suites[idx++] = 0;
@ -4428,6 +4442,14 @@ const char* const cipher_names[] =
"AES256-SHA",
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
"NULL-SHA",
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
"NULL-SHA256",
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
"DHE-RSA-AES128-SHA",
#endif
@ -4632,6 +4654,14 @@ int cipher_name_idx[] =
TLS_RSA_WITH_AES_256_CBC_SHA,
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
TLS_RSA_WITH_NULL_SHA,
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
TLS_RSA_WITH_NULL_SHA256,
#endif
#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
#endif
@ -6701,6 +6731,12 @@ int SetCipherList(Suites* s, const char* list)
return 1;
break;
case TLS_RSA_WITH_NULL_SHA :
case TLS_RSA_WITH_NULL_SHA256 :
if (requirement == REQUIRES_RSA)
return 1;
break;
case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
if (requirement == REQUIRES_NTRU)
return 1;

32
src/keys.c
View File

@ -568,6 +568,38 @@ int SetCipherSpecs(CYASSL* ssl)
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA
case TLS_RSA_WITH_NULL_SHA :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.hash_size = SHA_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
break;
#endif
#ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
case TLS_RSA_WITH_NULL_SHA256 :
ssl->specs.bulk_cipher_algorithm = cipher_null;
ssl->specs.cipher_type = stream;
ssl->specs.mac_algorithm = sha256_mac;
ssl->specs.kea = rsa_kea;
ssl->specs.hash_size = SHA256_DIGEST_SIZE;
ssl->specs.pad_size = PAD_SHA;
ssl->specs.static_ecdh = 0;
ssl->specs.key_size = 0;
ssl->specs.block_size = 0;
ssl->specs.iv_size = 0;
break;
#endif
#ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
ssl->specs.bulk_cipher_algorithm = aes;

4
src/ssl.c
View File

@ -5289,6 +5289,10 @@ int CyaSSL_set_compression(CYASSL* ssl)
return "TLS_RSA_WITH_AES_128_CBC_SHA256";
case TLS_RSA_WITH_AES_256_CBC_SHA256 :
return "TLS_RSA_WITH_AES_256_CBC_SHA256";
case TLS_RSA_WITH_NULL_SHA :
return "TLS_RSA_WITH_NULL_SHA";
case TLS_RSA_WITH_NULL_SHA256 :
return "TLS_RSA_WITH_NULL_SHA256";
case TLS_PSK_WITH_AES_128_CBC_SHA :
return "TLS_PSK_WITH_AES_128_CBC_SHA";
case TLS_PSK_WITH_AES_256_CBC_SHA :

11
tests/suites.c
View File

@ -250,6 +250,17 @@ int SuiteTest(void)
}
#endif
#ifdef HAVE_NULL_CIPHER
/* add rsa null cipher suites */
strcpy(argv0[1], "tests/test-null.conf");
printf("starting null cipher suite tests\n");
test_harness(&args);
if (args.return_code != 0) {
printf("error from script %d\n", args.return_code);
exit(EXIT_FAILURE);
}
#endif
#ifdef HAVE_HC128
/* add hc128 extra suites */
strcpy(argv0[1], "tests/test-hc128.conf");

48
tests/test-null.conf Normal file
View File

@ -0,0 +1,48 @@
# server TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# client TLSv1.0 RSA-NULL-SHA
-v 1
-l NULL-SHA
# server TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# client TLSv1.1 RSA-NULL-SHA
-v 2
-l NULL-SHA
# server TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# client TLSv1.2 RSA-NULL-SHA
-v 3
-l NULL-SHA
# server TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# client TLSv1.0 RSA-NULL-SHA256
-v 1
-l NULL-SHA256
# server TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# client TLSv1.1 RSA-NULL-SHA256
-v 2
-l NULL-SHA256
# server TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256
# client TLSv1.2 RSA-NULL-SHA256
-v 3
-l NULL-SHA256